FortiGate
rmetzger
Staff

Description
The DNS translation feature available in the FortiOS firmware is designed to modify the DNS reply from a DNS server.

It is typically used to let internal users of a network reach resources by their private IP addresses, which can simplify the firewall configuration.

A network diagram is provided below with an example that illustrates how to configure this feature.

 
In this example, the client sends a DNS resolution request to the DNS server 172.31.17.252 for the resource "server1.lab.mycompany.com". The DNS server replies with 172.31.17.37 (the public IP address of "server1"), but the FortiGate unit translates the reply into 10.73.1.37, which is the private IP address of the same resource, "server1".


Scope

FortiOS version 4.00 MR2
FortiOS version 4.00 MR3
FortiOS version 5.0.x
 


Solution

rmetzger_dnstranslation5.png
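
An added example, not the article's own configuration (the original solution survives only as the image above): a CLI entry for the translation described in this article, using the `config firewall dnstranslation` table named in the keywords. The entry ID `1` is an assumption; `show system session-helper` is included to inspect the session-helper table the keywords also reference, where the DNS helper for UDP port 53 should be listed.

```fortios
config firewall dnstranslation
    edit 1
        set src 172.31.17.37
        set dst 10.73.1.37
        set netmask 255.255.255.255
    next
end
show system session-helper
```

Once applied, a lookup of server1.lab.mycompany.com from the internal client through the FortiGate should return 10.73.1.37 instead of 172.31.17.37.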


Keywords:
config firewall dnstranslation
config system session-helper




